refs #000: install djlint

Dockerfile

@@ -1,6 +1,6 @@
 FROM composer:2.3.5
 RUN apk add --no-cache \
-    build-base libxslt-dev libxml2-dev libgcrypt-dev git unzip wget curl libpng-dev && \
+    build-base libxslt-dev libxml2-dev libgcrypt-dev git unzip wget curl libpng-dev py3-pip && \
     docker-php-ext-install xml xsl gd
 
 WORKDIR /app
@@ -10,3 +10,5 @@ COPY composer* ./
 RUN composer install --ignore-platform-reqs -v --no-interaction --prefer-dist --no-progress
 
 COPY . ./
+
+RUN pip install djlint --root-user-action=ignore

tests/expected_reports/security-checker.html

@@ -19,69 +19,69 @@ <h1>security-checker</h1>
  * CVE-2022-41343: Remote file inclusion
    https://github.com/advisories/GHSA-6x28-7h8c-chx4
 
- * CVE-2023-23924: Dompdf vulnerable to URI validation failure on SVG parsing
-   https://github.com/advisories/GHSA-3cw5-7cxw-v5qg
-
- * CVE-2014-5013: Remote Code Execution (complement of CVE-2014-2383)
-   https://github.com/dompdf/dompdf/releases/tag/v0.6.2
+ * CVE-2022-0085: Server-Side Request Forgery in dompdf/dompdf
+   https://github.com/advisories/GHSA-pf6p-25r2-fx45
 
  * CVE-2014-5012: Denial Of Service Vector
    https://github.com/dompdf/dompdf/releases/tag/v0.6.2
 
  * CVE-2014-5011: Information Disclosure
    https://github.com/dompdf/dompdf/releases/tag/v0.6.2
 
- * CVE-2022-0085: Server-Side Request Forgery in dompdf/dompdf
-   https://github.com/advisories/GHSA-pf6p-25r2-fx45
+ * CVE-2023-23924: Dompdf vulnerable to URI validation failure on SVG parsing
+   https://github.com/advisories/GHSA-3cw5-7cxw-v5qg
+
+ * CVE-2014-5013: Remote Code Execution (complement of CVE-2014-2383)
+   https://github.com/dompdf/dompdf/releases/tag/v0.6.2
 
 drupal/core (8.9.13)
 --------------------
 
- * CVE-2021-33829: Drupal core - Critical - Cross-site scripting - SA-CORE-2021-003
-   https://www.drupal.org/sa-core-2021-003
-
- * CVE-2022-25277: Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2022-014
-   https://www.drupal.org/sa-core-2022-014
+ * CVE-2022-25278: Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013
+   https://www.drupal.org/sa-core-2022-013
 
  * CVE-2020-13672: Drupal core - Critical - Cross-site scripting - SA-CORE-2021-002
    https://www.drupal.org/sa-core-2021-002
 
  * Drupal core - Moderately critical - Third-party libraries - SA-CORE-2021-005
    https://www.drupal.org/sa-core-2021-005
 
- * CVE-2022-25278: Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013
-   https://www.drupal.org/sa-core-2022-013
+ * CVE-2022-25277: Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2022-014
+   https://www.drupal.org/sa-core-2022-014
+
+ * CVE-2021-33829: Drupal core - Critical - Cross-site scripting - SA-CORE-2021-003
+   https://www.drupal.org/sa-core-2021-003
 
  * CVE-2022-25275: Drupal core - Moderately critical - Information Disclosure - SA-CORE-2022-012
    https://www.drupal.org/sa-core-2022-012
 
 guzzlehttp/guzzle (6.5.4)
 -------------------------
 
- * CVE-2022-31091: Change in port should be considered a change in origin
-   https://github.com/guzzle/guzzle/security/advisories/GHSA-q559-8m2m-g699
+ * CVE-2022-31090: CURLOPT_HTTPAUTH option not cleared on change of origin
+   https://github.com/guzzle/guzzle/security/advisories/GHSA-25mq-v84q-4j7r
+
+ * CVE-2022-31042: Failure to strip the Cookie header on change in host or HTTP downgrade
+   https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9
 
  * CVE-2022-29248: Cross-domain cookie leakage
    https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3
 
+ * CVE-2022-31091: Change in port should be considered a change in origin
+   https://github.com/guzzle/guzzle/security/advisories/GHSA-q559-8m2m-g699
+
  * CVE-2022-31043: Fix failure to strip Authorization header on HTTP downgrade
    https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q
 
- * CVE-2022-31042: Failure to strip the Cookie header on change in host or HTTP downgrade
-   https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9
-
- * CVE-2022-31090: CURLOPT_HTTPAUTH option not cleared on change of origin
-   https://github.com/guzzle/guzzle/security/advisories/GHSA-25mq-v84q-4j7r
-
 guzzlehttp/psr7 (1.6.1)
 -----------------------
 
- * CVE-2023-29197: Improper header validation
-   https://github.com/guzzle/psr7/security/advisories/GHSA-wxmh-65f7-jcvw
-
  * CVE-2022-24775: Inproper parsing of HTTP headers
    https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96
 
+ * CVE-2023-29197: Improper header validation
+   https://github.com/guzzle/psr7/security/advisories/GHSA-wxmh-65f7-jcvw
+
 laminas/laminas-diactoros (1.8.7p2)
 -----------------------------------